Snort mailing list archives
Re: Newbie: Bot Detection Rule
From: Chris Green <cmg () uab edu>
Date: 21 Jun 2001 16:52:37 -0500
George Yobst <george () lincc lib or us> writes:
> Hi Craig, Sorry about the appalling lack of info. I'm running it on a FreeBSD 4.3 Stable with IPFilter as the FW. My question comes down to this: The rule(s) I can create, but how do I actually test them to make sure they work?
Generate the traffic the rule is catching.
> I'm not up to creating fake bots. I don't want to get one and unleash it on my network. Is there a way to create packets with that port number that I can use to run thru Snort? Something that will trigger the alert to make sure it works?
Telnet with the correct ports. Use netcat.
> I don't care about Gibson, the man. I do care about his research, and its potentials. I want to be prepared for this kind of attack and I don't want my organization's computers to be used by the Bots.
Try http://www.undernet.org/ or something like that and get a regular irc client and try to connect to a server. You will see identd connections and you will see the irc signon process. You should be aware that not everyone that uses irc is a leet 15 year old so you should see your organization's own policies before doing a chicken little.

--
Chris Green <cmg () uab edu>
A watched process never cores.
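The approach suggested in the reply above (generate the traffic yourself rather than run a bot), as an added example that is not part of the original message: a Python script that sends an ordinary IRC sign-on to a listener you control, so Snort sees the connection on the wire. Port 6667, the NICK/USER payload and every function name here are assumptions, since the thread does not show the rule under test.

```python
import socket
import threading

IRC_PORT = 6667  # assumption: the rule under test watches the usual IRC port


def signon_lines(nick):
    """Bytes an ordinary IRC client sends first (NICK/USER registration)."""
    return f"NICK {nick}\r\nUSER {nick} 0 * :snort rule test\r\n".encode("ascii")


def start_sink(host="127.0.0.1", port=0):
    """Accept one TCP connection on host:port and collect what it sends.

    Returns (bound_port, thread, received); received holds the captured
    bytes once the thread has finished. port=0 picks a free port.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(1)
    bound_port = srv.getsockname()[1]
    received = []

    def accept_once():
        conn, _ = srv.accept()
        with conn:
            # Read until the client closes its side of the connection.
            data = b"".join(iter(lambda: conn.recv(4096), b""))
        srv.close()
        received.append(data)

    thread = threading.Thread(target=accept_once, daemon=True)
    thread.start()
    return bound_port, thread, received


def send_test_traffic(host, port, nick="ruletest"):
    """Connect like a regular client, send the sign-on, return the bytes sent."""
    payload = signon_lines(nick)
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(payload)
    return payload


if __name__ == "__main__":
    port, thread, received = start_sink(port=IRC_PORT)
    send_test_traffic("127.0.0.1", port)
    thread.join(5)
    print("sink received:", received[0])
```

Run as shown, the traffic stays on loopback, so Snort has to be watching the loopback interface to see it; running the sink on a second machine and pointing `send_test_traffic` at it puts the packets on the monitored segment instead.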